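<?php
/* $Id: usermanager.php,v 1.82 2004/09/07 17:22:04 k-fish Exp $ */

/*
 * Admin user manager.
 *
 * One request does at most one of: validate + create, batch create from an
 * uploaded CSV, validate + edit, delete (with confirmation round-trip), render
 * the new/batch/edit form, or (fall-through) render the paged user list.
 * Every action branch asks queryRights2() for its own privilege before it
 * touches mgw_users / mgw_groups_members, and every failed SQL statement ends
 * the request through showSQLerror().
 */

$myEnv["module"] = "admin";
$myEnv['stdsmenu'] = false;
$myEnv["output"] = "html";

include("../../config.inc.php");
include(INCLUDEPATH . "container.inc.php");

// adding file revision into global array
revisionInit("\$Revision: 1.82 $", __FILE__);

// Which form produced a validation error ('create' | 'edit'), false otherwise.
// Initialised here so the form branches below can test it without isset().
$errorsrc = false;

// =================================================
// check data
// =================================================
if (isset($_POST["create"]) or isset($_POST["edit"])) {

    // Every field the create/edit paths read; default missing ones to '' so
    // trim()/strlen()/QMagic() below never see an undefined key.
    $formFields = array(
        "firstname", "lastname", "usernameform", "pw", "pwagain", "occupation",
        "workloc", "sex", "telephone", "email", "mobil", "language", "group",
        "birthdayYear", "birthdayMonth", "birthdayDay", "id",
    );
    foreach ($formFields as $field) {
        if (!isset($_POST[$field])) {
            $_POST[$field] = '';
        }
    }

    $_POST["firstname"] = trim($_POST["firstname"]);
    $_POST["lastname"] = trim($_POST["lastname"]);

    // normalise the login name: drop separators and quote characters, lowercase
    $_POST["usernameform"] = strtolower(str_replace(array("#", "@", " ", ",", ".", "/", "\\", "'", "\""), "", trim($_POST["usernameform"])));
    $errormsg = '';

    if (isset($_POST["create"])) {
        $gname = $conn->QMagic($_POST["usernameform"]);

        $sql = "SELECT username FROM mgw_users WHERE username = " . $gname;
        if (!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));

        if ($res->RecordCount() > 0) { $errormsg .= Lang::getLanguageString("err_duplicateuser") . '<br />'; }
        if ($_POST["usernameform"] === "") { $errormsg .= Lang::getLanguageString("err_nousername") . '<br />'; }
        // ereg() no longer exists in PHP 7+; same character class via PCRE.
        // The name was lowercased above, so [a-z0-9] is the complete allowed set.
        if (preg_match('/[^a-z0-9]/', $_POST["usernameform"])) { $errormsg .= Lang::getLanguageString("err_nousername") . '<br />'; }
        // A new account must get a password. The length check further down
        // deliberately lets '' through because on edit it means "keep the
        // current password"; on create '' would store md5('') as the password.
        if ($_POST["pw"] === "") { $errormsg .= Lang::getLanguageString("err_pwtooshort") . '<br />'; }

        $errorsrc = 'create';
    } else {
        $errorsrc = 'edit';
    }

    if ($_POST["firstname"] === "") $errormsg .= Lang::getLanguageString("err_nofirstname") . '<br />';
    if ($_POST["lastname"] === "") $errormsg .= Lang::getLanguageString("err_nolastname") . '<br />';
    // '' is accepted here (edit: leave password unchanged); anything else needs >= 6 chars
    if (strlen($_POST["pw"]) < 6 && strlen($_POST["pw"]) > 0) {
        $errormsg .= Lang::getLanguageString("err_pwtooshort") . '<br />';
    }
    // strict compare: the loose <> treated numeric-looking passwords as equal ("01" vs "1")
    if ($_POST["pw"] !== $_POST["pwagain"]) $errormsg .= Lang::getLanguageString("err_pwsnotequal");

    if ($errormsg !== '') {
        $smarty->assign("errormsg", $errormsg);
    } else {
        $errorsrc = false;
    }
}

// =================================================
// create entry
// =================================================

if (isset($_POST["create"]) && !$errorsrc) {
    queryRights2("root_modules_admin_usermanager_createusers");

    $id = mgw_genID('mgw__seq_users', 5);

    $usernameform = $conn->QMagic($_POST["usernameform"]);
    $lastname = $conn->QMagic($_POST["lastname"]);
    $firstname = $conn->QMagic($_POST["firstname"]);
    $occupation = $conn->QMagic($_POST["occupation"]);
    $workloc = $conn->QMagic($_POST["workloc"]);
    $sex = $conn->QMagic($_POST["sex"]);
    $telephone = $conn->QMagic($_POST["telephone"]);
    $email = $conn->QMagic($_POST["email"]);
    $mobil = $conn->QMagic($_POST["mobil"]);
    $language = $conn->QMagic($_POST["language"]);

    $bdayts = $_POST["birthdayYear"] . "-" . $_POST["birthdayMonth"] . "-" . $_POST["birthdayDay"] . " 00:00:00";
    $birthday = $conn->DBTimeStamp($bdayts);

    // md5 the password
    // NOTE(review): unsalted md5 is not an acceptable password hash any more.
    // The login check that verifies this value lives outside this file and
    // presumably compares the same digest, so moving to password_hash()/
    // password_verify() has to be done there and here together — confirm.
    $md5pw = md5($_POST["pw"]);

    $sql = "INSERT INTO mgw_users (id, username, lastname, firstname, occupation, workloc, birthday, sex, mobil, telephone, email, skintheme, pw, lang, level, lu_user, lu_date, lastin) VALUES ($id, $usernameform, $lastname, $firstname, $occupation, $workloc, $birthday, $sex, $mobil, $telephone, $email, 'Morelogs_Silver.css', " . $conn->QMagic($md5pw) . ", $language, " . UACTIVE . ", '" . $_SESSION["MGW"]->userid . "', " . $conn->DBTimeStamp(time()) . ", " . $conn->DBTimeStamp(time()) . ")";
    if (!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));

    $sql = "INSERT INTO mgw_groups_members (groupid, userid, lu_user, lu_date) VALUES (" . (int) $_POST["group"] . ", $id, " . $_SESSION["MGW"]->userid . ", " . $conn->DBTimeStamp(time()) . ")";
    if (!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
}

// =================================================
// create entry (batch)
// =================================================
/* creates users from a batch file. CSV format, fields as follows.
 * delimiter is comma, fields enclosed in double quotes
 *
 * "usernameform","lastname","firstname","occupation","workloc","birthday","sex","mobil","telephone","email","password"
 *
 * The last field is the clear-text password: it is md5()'d on import (the
 * old header called it "md5pw", which the code contradicts). Rows with fewer
 * than 11 fields, an empty username or an empty password are skipped.
 *
 * NOTE(review): unlike the form path, the username is neither normalised nor
 * checked for duplicates here, and the birthday is quoted as given instead of
 * going through DBTimeStamp() — confirm the CSV is produced in DB format.
 */
if (isset($_POST["batchcreate"])) {
    queryRights2("root_modules_admin_usermanager_createusersfromfile");

    if (isset($_FILES['batchfile']['tmp_name']) && is_uploaded_file($_FILES['batchfile']['tmp_name'])) {
        $fp = fopen($_FILES['batchfile']['tmp_name'], "r");

        // identical for every row, so read once
        $language = $conn->QMagic(isset($_POST["language"]) ? $_POST["language"] : '');
        $groupid = isset($_POST["group"]) ? (int) $_POST["group"] : 0;

        while (($data = fgetcsv($fp, 500, ",")) !== false) {
            // short rows would hit undefined offsets below; empty username/password rows are skipped as before
            if (count($data) < 11 || empty($data[0]) || empty($data[10])) {
                continue;
            }

            $id = $conn->GenID('mgw__seq_users', 5);
            $usernameform = $conn->quote($data[0]);
            $lastname = $conn->quote($data[1]);
            $firstname = $conn->quote($data[2]);
            $occupation = $conn->quote($data[3]);
            $workloc = $conn->quote($data[4]);
            $birthday = $conn->quote($data[5]);
            $sex = $conn->quote($data[6]);
            $mobil = $conn->quote($data[7]);
            $telephone = $conn->quote($data[8]);
            $email = $conn->quote($data[9]);
            // see the NOTE(review) on md5 in the create branch
            $md5pw = md5($data[10]);

            $sql = "INSERT INTO mgw_users (id, username, lastname, firstname, occupation, workloc, birthday, sex, mobil, telephone, email, skintheme, pw, lang, level, lu_user, lu_date, lastin) VALUES ($id, $usernameform, $lastname, $firstname, $occupation, $workloc, $birthday, $sex, $mobil, $telephone, $email, 'Morelogs_Silver.css', '$md5pw', $language, " . UACTIVE . ", '" . $_SESSION["MGW"]->userid . "', " . $conn->DBTimeStamp(time()) . ", " . $conn->DBTimeStamp(time()) . ")";
            if (!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));

            $sql = "INSERT INTO mgw_groups_members (groupid, userid, lu_user, lu_date) VALUES (" . $groupid . ", $id, " . $_SESSION["MGW"]->userid . ", " . $conn->DBTimeStamp(time()) . ")";
            if (!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
        }
        fclose($fp);
    }
}

// =================================================
// edit entry
// =================================================

if (isset($_POST["edit"]) && !$errorsrc) {
    queryRights2("root_modules_admin_usermanager_modifyusers");

    // the username itself is not editable, so it is not read here
    $id = (int) $_POST["id"];
    $lastname = $conn->QMagic($_POST["lastname"]);
    $firstname = $conn->QMagic($_POST["firstname"]);
    $occupation = $conn->quote($_POST["occupation"]);
    $workloc = $conn->quote($_POST["workloc"]);
    $sex = $conn->quote($_POST["sex"]);
    $email = $conn->QMagic($_POST["email"]);
    $mobil = $conn->QMagic($_POST["mobil"]);
    $telephone = $conn->quote($_POST["telephone"]);
    $language = $conn->QMagic($_POST["language"]);
    $level = isset($_POST['active']) ? UACTIVE : UDISABLED;

    $bdayts = $_POST["birthdayYear"] . "-" . $_POST["birthdayMonth"] . "-" . $_POST["birthdayDay"] . " 00:00:00";
    $birthday = $conn->DBTimeStamp($bdayts);

    // The password column is only touched when a valid new password was entered
    // (empty = keep current). Validation above already rejected 1-5 chars and
    // mismatched repeats, so this mirrors that rule rather than re-reporting it.
    $pwset = '';
    if (strlen($_POST["pw"]) >= 6 && $_POST["pw"] === $_POST["pwagain"]) {
        $pwset = " pw=" . $conn->QMagic(md5($_POST["pw"])) . ",";
    }

    $sql = "UPDATE mgw_users SET level=$level, lastname=$lastname, firstname=$firstname, occupation=$occupation, workloc=$workloc, birthday=$birthday, sex=$sex, mobil=$mobil, telephone=$telephone, email=$email,{$pwset} lang=$language, lu_user=" . $_SESSION["MGW"]->userid . ", lu_date=" . $conn->DBTimeStamp(time()) . " WHERE id=$id";
    if (!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
}

// =================================================
// delete user
// =================================================

if (isset($_GET["action"]) && $_GET["action"] === "delete") {
    queryRights2("root_modules_admin_usermanager_deleteusers");

    // show confirmation screen if it wasnt there so far
    if (!isset($_POST["confirmation_no"]) && !isset($_POST["confirmation_yes"])) {
        $itemid = isset($_GET["id"]) ? (int) $_GET["id"] : 0;

        $sql = "SELECT * FROM mgw_users WHERE id='" . $itemid . "'";
        if (!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
        $row = $res->FetchRow();
        if ($row === false) {
            // unknown id: still render the confirmation page, just without details
            $row = array("lastname" => "", "firstname" => "", "username" => "");
        }

        $smarty->assign("menuid", "1");
        $smarty->assign("suclass", "submit");
        $smarty->assign("itemid", $itemid);
        // NOTE(review): raw query string handed to the template — it must be
        // HTML-escaped there (not visible from this file); confirm in delete_item.tpl
        $smarty->assign("parms", isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : '');
        $smarty->assign("reallydeleteitem", Lang::getLanguageString("reallydeluser"));
        $smarty->assign("deleteheader", Lang::getLanguageString("deleteuserh"));
        $smarty->assign("deletedetail2", $row["lastname"] . ", " . $row["firstname"]);
        $smarty->assign("deletedetail1", $row["username"]);

        $smarty->display($appconf["gentemplates"] . "/delete_item.tpl");
        exit();
    }

    // delete only when user said so
    if (isset($_POST["confirmation_yes"])) {
        $itemid = isset($_POST["itemid"]) ? (int) $_POST["itemid"] : 0;

        // The list view hides the delete link for 'admin'; enforce the same rule
        // server-side so a hand-built request cannot remove that account.
        $sql = "SELECT username FROM mgw_users WHERE id='" . $itemid . "'";
        if (($victim = $conn->GetRow($sql)) === false) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
        $isAdmin = isset($victim['username']) && $victim['username'] === 'admin';

        if (!$isAdmin) {
            // soft delete: the row stays, the username is replaced by the id so it can be reused
            $sql = "UPDATE mgw_users SET username=id, level=" . UDELETED . " WHERE id='" . $itemid . "'";
            if (!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));

            $sql = "DELETE FROM mgw_groups_members WHERE userid='" . $itemid . "'";
            if (!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
        }
    }
}

// =================================================
// New Item Formular
// =================================================
if ((isset($_GET["action"]) && $_GET["action"] === "newform") || $errorsrc === 'create') {
    queryRights2("root_modules_admin_usermanager_createusers");

    include(INCLUDEPATH . "mSelectBox.class.php");

    if ($errorsrc === 'create') {
        // re-display what the user typed so the error can be corrected in place
        $row = array();
        $row['username'] = $_POST['usernameform'];
        $row['firstname'] = $_POST['firstname'];
        $row['lastname'] = $_POST['lastname'];
        $occupation = $_POST['occupation'];
        $workloc = $_POST['workloc'];
        $row['sex'] = $_POST['sex'];
        $row['mobil'] = $_POST['mobil'];
        $row['telephone'] = $_POST['telephone'];
        $row['email'] = $_POST['email'];
        $smarty->assign('td', $row);

        $lang = $_POST['language'];
        $group = $_POST['group'];

        $bdayts = $_POST["birthdayYear"] . "-" . $_POST["birthdayMonth"] . "-" . $_POST["birthdayDay"] . " 00:00:00";
        $smarty->assign('bdayts', $conn->DBTimeStamp($bdayts));
    } else {
        // defaults for an empty form
        $lang = 'login';
        $group = 50001;
        $occupation = '';
        $workloc = '';
    }

    $sb5 = new mSelectBox("language");
    $sb5->setContentType("sql");
    $sb5->setSQLvalue("langcode");
    $sb5->setSQLcontent("description");
    $sb5->addContent("SELECT * FROM mgw_languages");
    $sb5->addOption("login", Lang::getLanguageString("login_select"));
    $smarty->assign("langbox", $sb5->draw($lang));

    $sb6 = new mSelectBox("group");
    $sb6->setContentType("sql");
    $sb6->setSQLvalue("id");
    $sb6->setSQLcontent("name");
    $sb6->addContent("SELECT * FROM mgw_groups");
    $smarty->assign("groupbox", $sb6->draw($group));

    $sb7 = new mSelectBox("occupation");
    $sb7->setContentType("sql");
    $sb7->setSQLvalue("id");
    $sb7->setSQLcontent("name");
    $sb7->addContent("SELECT id,name FROM mgw_occupations");
    $smarty->assign("occupationbox", $sb7->draw($occupation));

    $sb8 = new mSelectBox("workloc");
    $sb8->setContentType("sql");
    $sb8->setSQLvalue("id");
    $sb8->setSQLcontent("name");
    $sb8->addContent("SELECT id,name FROM mgw_workplace");
    $smarty->assign("worklocbox", $sb8->draw($workloc));

    $smarty->assign("mode", "new");
    $smarty->assign("suname", "create");
    $smarty->assign("suclass", "submit");

    $smarty->display('usermanager_edit.tpl');
    exit();
}

// =================================================
// New Item Formular (Batch)
// =================================================
if (isset($_GET["action"]) && $_GET["action"] === "newformmultiple") {
    queryRights2("root_modules_admin_usermanager_createusersfromfile");

    include(INCLUDEPATH . "mSelectBox.class.php");
    $smarty->assign("suname", "create");
    $smarty->assign("suclass", "submit");

    $sb5 = new mSelectBox("language");
    $sb5->setContentType("sql");
    $sb5->setSQLvalue("langcode");
    $sb5->setSQLcontent("description");
    $sb5->addContent("SELECT * FROM mgw_languages");
    $sb5->addOption("login", Lang::getLanguageString("login_select"), "pre");
    $smarty->assign("langbox", $sb5->draw("login"));

    $sb6 = new mSelectBox("group");
    $sb6->setContentType("sql");
    $sb6->setSQLvalue("id");
    $sb6->setSQLcontent("name");
    $sb6->addContent("SELECT * FROM mgw_groups");
    $smarty->assign("groupbox", $sb6->draw(50001));

    $smarty->assign("mode", "new");

    $smarty->display('usermanager_batch.tpl');
    exit();
}

// =================================================
// Edit Item Formular
// =================================================
if ((isset($_GET["action"]) && $_GET["action"] === "editform") || $errorsrc === 'edit') {
    queryRights2("root_modules_admin_usermanager_modifyusers");

    include(INCLUDEPATH . "mSelectBox.class.php");

    if (isset($_GET["action"]) && $_GET["action"] === "editform") {
        $id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;

        $sql = "SELECT * FROM mgw_users WHERE id=" . $id;
        if (($row = $conn->GetRow($sql)) === false) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
        $smarty->assign('bdayts', $conn->UnixDate(isset($row['birthday']) ? $row['birthday'] : ''));
    } else {
        // validation failed: rebuild the row from the submitted values
        $id = (int) $_POST["id"];

        $row = array();
        $row['id'] = $id;
        $row['username'] = $_POST['usernameform'];
        $row['firstname'] = $_POST['firstname'];
        $row['lastname'] = $_POST['lastname'];
        $row['occupation'] = $_POST['occupation'];
        // key must match the DB column / the draw() call below (was 'workplace',
        // which left the workloc select box unselected after an error)
        $row['workloc'] = $_POST['workloc'];
        $row['sex'] = $_POST['sex'];
        $row['mobil'] = $_POST['mobil'];
        $row['telephone'] = $_POST['telephone'];
        $row['email'] = $_POST['email'];
        $row['lang'] = $_POST['language'];
        $row['group'] = $_POST['group'];
        $row['level'] = isset($_POST['active']) ? UACTIVE : UDISABLED;

        $bdayts = $_POST["birthdayYear"] . "-" . $_POST["birthdayMonth"] . "-" . $_POST["birthdayDay"] . " 00:00:00";
        $smarty->assign('bdayts', $conn->UnixDate($bdayts));
    }

    $sb5 = new mSelectBox("language");
    $sb5->setContentType("sql");
    $sb5->setSQLvalue("langcode");
    $sb5->setSQLcontent("description");
    $sb5->addOption("login", Lang::getLanguageString("login_select"));
    $sb5->addContent("SELECT langcode,description FROM mgw_languages ORDER BY description");
    $smarty->assign("langbox", $sb5->draw(isset($row["lang"]) ? $row["lang"] : ''));

    $sb6 = new mSelectBox("occupation");
    $sb6->setContentType("sql");
    $sb6->setSQLvalue("id");
    $sb6->setSQLcontent("name");
    $sb6->addContent("SELECT id,name FROM mgw_occupations");
    $smarty->assign("occupationbox", $sb6->draw(isset($row['occupation']) ? $row['occupation'] : ''));

    $sb7 = new mSelectBox("workloc");
    $sb7->setContentType("sql");
    $sb7->setSQLvalue("id");
    $sb7->setSQLcontent("name");
    $sb7->addContent("SELECT id,name FROM mgw_workplace");
    $smarty->assign("worklocbox", $sb7->draw(isset($row['workloc']) ? $row['workloc'] : ''));

    // never hand the stored hash to the template
    $row["pw"] = "";
    $smarty->assign("id", $id);
    $smarty->assign("td", $row);
    $smarty->assign("suname", "edit");
    $smarty->assign("suclass", "submit");

    $smarty->assign("mode", "edit");

    $smarty->display('usermanager_edit.tpl');
    exit();
}


// =================================================
// List View
// =================================================
queryRights2("root_modules_admin_usermanager_listusers");

$icons = getIconStrings();

$sql = "SELECT * from mgw_users WHERE NOT(level=" . UDELETED . ") ORDER BY username";

// ========== PAGING STUFF =================
// page number comes from the URL; anything below 1 means the first page
$curr_page = isset($_GET['npage']) ? max(1, (int) $_GET['npage']) : 1;
// =========================================

if (!$res = $conn->PageExecute($sql, 25, $curr_page)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));

// ========== PAGING STUFF #2 ================
// if NOT on first page
if (!$res->AtFirstPage()) {
    $smarty->assign("_prev", true);
    $smarty->assign("npage", $res->AbsolutePage() - 1);
}

// if NOT on last page
if (!$res->AtLastPage()) {
    $smarty->assign("_next", true);
    $smarty->assign("npage", $res->AbsolutePage() + 1);
}
// ============================================

$counter = 0;
$urls = array(); // was undefined when the page had no rows
while ($row = $res->FetchRow()) {
    $counter++;
    $row['lu_date'] = $conn->UnixTimestamp($row['lu_date']);
    $row['email'] = linkEmail($row["email"]);

    // create Action URLs
    $editlink = "<a href=\"usermanager.php?action=editform&id=" . $row["id"] . "&" . SID . "\" class=\"edit\">" . $icons["edit"] . "</a>";
    // reset per row: previously the 'admin' row inherited the preceding
    // user's delete link and so pointed at the wrong account
    $dellink = '';
    if ($row['username'] !== 'admin') {
        $dellink = "<a href=\"usermanager.php?action=delete&id=" . $row["id"] . "&" . SID . "\" class=\"delete\">" . $icons["delete"] . "</a>";
    }
    $urls[] = $editlink . $icons["space"] . $dellink;

    $smarty->append("td", $row);
}

// ========== PAGING STUFF #3 ==================
// display next link when more records available (a full page of 25 rows)
$smarty->assign("next", $counter === 25);

$smarty->assign('urls', $urls);
$smarty->assign('action', isset($_GET["action"]) ? $_GET["action"] : '');

$smarty->display("usermanager_list.tpl");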